Thanks Murali. Can you tell me why most of these roles do not have actions in them.

Hi Doug,

The XI Java auths work by reading the role titles from the ABAP stack which correspond to groups in the Java stack. These groups are assigned privileges in the Java system.

This way, it is possible, via SU01 in the ABAP stack, to manage user access in both places. I can only imagine that SAP wanted the facility to segregate access in the different stacks, hence being able to give certain admin functions only in ABAP or Java. As there are things that you can only configure via the Java side, it makes sense to be able to provide a certain level of granularity in addition to whatever functions the user needs to perform in the ABAP stack

Thanks Alex. Can you give me an example where you can configure only on the Java side and not on the ABAP.

Also, some of the groups which i mentioned above do not have any roles or actions in the UME. Is it suuposed to be that way, if so can you explain me the reason why they're no actions in them.

Thanx.

At a previous client they insisted on having very limited access to maintain the SLD & as a result there were some users with only very basic auths on ABAP side & wider access to maint SLD on the Java side.

Not too sure about the missing stuff in the UME to be honest, I'm pretty sure all should have roles assigned, there is some info here on the roles they are supposed to have

http://help.sap.com/saphelp_nw04/helpdata/en/22/2ca0856c9d0c41beae4dcbeba6f0dc/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/4e/90a43f4aa1330ee10000000a114084/content.htm

Thanks again Alex. I'm trying to look for the same info for NW04s as PI is NW04s

Let me know if you are able to find one.

Thanks.